How could the analysis of the electrical current consumption of embedded systems lead to code reversing?

Focus on "Embedded systems"

Yann ALLAIN / Julien MOINARD
• From France

• @OPALE SECURITY Company
  - IT Security & Embedded System Security

• Yann ALLAIN
  - 18 years in IT security and the electronics industry
  - Former CSO of the application domain for a hotel company
  - CEO and owner of OPALE SECURITY

• Julien MOINARD
  - Electronics specialist
  - In charge of most of the technical implementation of this research
• Another way to audit some embedded systems

• The classical audit approach is done via:
  - External pentest (IP connection, web interfaces...)
  - Hardware hacking stuff (defeating the anti-tampering system, opening the box...)
  - Etc.

...but we want more...
• There is always another access available on any embedded system: the power connector

• As security auditors, may we use this access to do something?

• This is our research & experimentation starting point

Please keep in mind that this is an ‘

So...
• As security guys, we wondered: "Is there a way ... on an embedded system ... ?"
  (~ from the power connector...)

Our wishlist
• Be pragmatic

• Keep it as simple as possible

• No math and complex stuff

• Cheap approach (as much as possible)

Existing research on this area?

• Yes...(many!) with different goals

• Power analysis techniques (DPA, SPA): researchers seem to focus on ... of sensitive devices (crypto systems, credit cards...)
Existing research on this area (annotated references on the slide)

• Cool!...but researchers only focus on finding ...; we need to access the data also...(But great paper!)

• We only find ... instruct... consumption for finding ...

• Too specific: Javacards

• Discovery of encryption keys (Valette, http://www.ssi.gouv.f xhive/fr/sciences/fichiers/lcr/dalemuva05.pdf)

• Example adapted to JavaCards (Vermoen, http://ce.et.tudelft.nl/publicatir

• Some chapters dedicated to our goals but not so much information disclosed (Gouv.fr is close to a 'sort of military domain'?...)
• But these publications are...
  E.g.: Inference of the secret by current analysis by correlation (!)
  (the slide shows the correlation formulas; they are not legible in this copy)

• ...which are more or less complex (from our point of view!)

Not for us....;-)
Question

"What is the link between the code and the current consumption on most of the ... (or other stuff like that)?"

Answer

A fundamental and basic electronic component.... Used everywhere!

Please gentlemen, welcome our friends: the transistors
• Embedded systems are (or could be) composed of microcontrollers (µC) that contain:
  - MEMORIES (RAM, ROM, ...)
  - ALU (Arithmetic Logic Unit)
  - TIMER (Counter)
  - SERIAL INTERFACES
  - I/O BUS (Latch)
• Each basic function included in a µC is designed with transistors:
  - Logical view
  - Electronic view (uses only a few transistors)

• For example, see how a "NAND" is designed @ electronic level / physical level
  (the slide shows the NAND gate schematic and a simplified view of the associated electric signal)
Electronic 101

• When a transistor "processes" a bit @ physical level (current, voltage), it "commutes"

• Transistor = sort of digital switch

• When a transistor "commutes", there is a current peak

• Let's see what is going on in practice (Labs...)
Electronic 101 - Labs #1

• Screenshot 1 - Hardware stuff
• Screenshot 2 - One Transistor!
• Screenshot 3
• Screenshot 4
  (oscilloscope screenshots; not reproduced in this copy)
Brief

• Transistors everywhere in µC

• When a transistor "processes" a bit, there is a current peak

• We just found the link between the code and the current consumption

• Information leakage from power consumption: validated!
Proof of concept

• How to move forward with our approach?

• We have designed a proof of concept tool to analyze the electrical current consumption of embedded systems to extract the code they execute

• We need to acquire more bits...via a current consumption analysis

• "Acquiring current consumption": how?
• What we need: A "homemade" embedded system (the target...)
  - Based on a PIC18F4620 µC

• What we need: An Agilent oscilloscope for acquiring current consumption
  - AGILENT DSO3024A

• What we need: A programmer / debugger
  - Microchip Real ICE

• What we need: A current probe
  - Very expensive professional tools (magnetic or electromagnetic current probe) > 400$ each
  or
  - a simple resistor which costs less than 1$
Proof of concept

• What we need: A bit of software
  - Homemade code (VB.NET...sorry :-)) used to control and pilot the oscilloscope
  - The code uses the standard protocol VISA COM 3.0
  - It's a free library that lets us communicate with the Agilent oscilloscope with a simple set of commands
    • Get datum measurement, launch a voltage or current acquisition process, send the numerical value of the current acquired,...

  (Screenshot of the "Curent 2 Code" tool: VISA USB address of the scope, the scale of the four channels in V/div, and the instrument identification string "AGILENT TECHNOLOGIES,DSO-X 3024A")

• What we need: A GUI
  (GUI of our proof of concept tool: Command/Data)
• Our acquisition chain looks like that:
  - Measure of current consumption (oscilloscope)
  - The embedded system, target of our experiment (Internet box, e-card prototypes)
  - The computer controls the oscilloscope (acquisition order, recovering traces,...)
Proof of concept

How do we proceed to grab the current and extract the code?

Step 1: send a dummy code to the µC
  PC1 -> Embedded System
  The embedded system is ready to use

Step 2: in the lab
  Embedded System with probes -> Oscilloscope (Measure) -> Current Consumption -> Curent 2 Code
  Our tool tries to find the instructions & data executed from the current consumption
  (Curent 2 Code tabs: Main | Differential Analysis | Find instructions | Dictionary)
#1: Does the code really impact the power consumption?

#2: Do a MOVLW 0xFF and a MOVLW 0x00 lead to measurable differences in power analysis?

#3: Why does the µC's instruction pipeline impact current consumption?

#4: How to overcome pipeline issues for our goals?

#5: Could we create a (sort of) 'disassembler' over electricity?

Does the code really impact the power consumption? (Experiment #1)
• Result #1: We have a current consumption related with the nop instructions

    CONFIG OSC = INTIO7
    CONFIG FCMEN = OFF
    CONFIG IESO = OFF

    LIST p=18F4620
    #include <p18F4620.inc>

    ORG 0
    movlw 0x00
    movwf TRISA        ; port A pins as outputs
suite
    movlw 0xFF
    movwf LATA         ; synchronization signal high
    nop
    nop
    nop
    nop
    movlw 0x00
    movwf LATA         ; synchronization signal low
    goto suite
    END

In ... -> Current during the execution
In Blue -> Synchronization signal
In Green -> Clock of the embedded system
Do a MOVLW 0xFF and a MOVLW 0x00 lead to measurable differences in power analysis? (Experiment #2)

• Note: to limit the impact of parasites, our system performs a differential analysis

• First time, we measured the difference between
  - the current consumption of 4 nop instructions
  - the current consumption of MOVLW 0xFF with 3 nop

• Second time, we measured the difference between
  - the current consumption of 4 nop instructions
  - the current consumption of MOVLW 0x00 with 3 nop
• Result #2: Current trace related to movlw 0xFF

    CONFIG OSC = INTIO7
    CONFIG FCMEN = OFF
    CONFIG IESO = OFF

    LIST p=18F4620
    #include <p18F4620.inc>

    ORG 0
    movlw 0x00
    movwf TRISA        ; port A pins as outputs
suite
    movlw 0xFF
    movwf LATA         ; synchronization signal high
    nop                ; reference nop caught by the tool
    movlw 0xFF         ; instruction under test
    nop
    nop
    movlw 0x00
    movwf LATA         ; synchronization signal low
    goto suite
    END

(Curent 2 Code tabs: Main | Differential Analysis | Find instructions | Dictionary; labels on the trace: "Catch Reference NOP", "Difference of current")

In Blue -> Synchronization signal
In Green -> Clock of the embedded system
• Result #2: Current trace related to movlw 0x00

    CONFIG OSC = INTIO7
    CONFIG FCMEN = OFF
    CONFIG IESO = OFF

    LIST p=18F4620
    #include <p18F4620.inc>

    ORG 0
    movlw 0x00
    movwf TRISA        ; port A pins as outputs
suite
    movlw 0xFF
    movwf LATA         ; synchronization signal high
    nop                ; reference nop
    movlw 0x00         ; instruction under test
    nop
    nop
    movlw 0x00
    movwf LATA         ; synchronization signal low
    goto suite
    END

(Screenshot of the Curent 2 Code "Differential Curent" view: "Capture current and show graphical difference"; x axis: sample number (10^3))

In ... -> Difference of current
In Blue -> Synchronization signal
In Green -> Clock of the embedded system
Do a MOVLW 0xFF and a MOVLW 0x00 lead to measurable differences in power analysis? (Experiment #2)

• Result #2: We have a correlation between different values of data and the amplitude of current consumption

  MOVLW 0x00                                   MOVLW 0xFF
  Encoding of the movlw 0x00 instruction:      Encoding of the movlw 0xFF instruction:
  0000 1110 0000 0000                          0000 1110 1111 1111

• The current value measured depends on the Hamming weight group of the data & instruction processed

• Example below (0x24 is in a Hamming group of 2)

  0x24 = 0 0 1 0 0 1 0 0  -> Hamming group 2

  Hamming group | Number of instruction or data values in the group
  0             | 1
  1             | 8
  2             | 28
  3             | 56
  4             | 70
  5             | 56
  6             | 28
  7             | 8
  8             | 1
Do a MOVLW 0xFF and a MOVLW 0x00 lead to measurable differences in power analysis? (Experiment #2)

• The Hamming weight groups' limits!

  Description               Instruction   Coding instruction   Instruction Hamming weight
  No Operation              NOP           0000 0000            0
  Multiply W with f         MULWF         0000 0010            1
  Subtract W from Literal   SUBLW         0000 1000            1
  Negate f                  NEGF          0110 1100            4
  Move W to f               MOVWF         0110 1110            5
  Move Literal to W         MOVLW         0000 1110            3
  Set f                     SETF          0110 1000            3

  So we are not able to differentiate MOVLW and SETF, for example. It's a limit of our analysis.
Why does the µC's instruction pipeline impact current consumption? (Experiment #3)

• Result of our 3rd experiment
  (traces: MOVLW 0x00 vs MOVLW 0xFF)

• But why do we have ... of current when the code only has ...?
• Influence of the pipeline: one instruction is spread over four clock cycles (C1..C4)
  - C1: Decoding
  - C2: Read data here (0x00 for movlw 0x00)
  - C3: ALU calculation
  - C4: ALU writes the word in the registers
• Influence of the pipeline

  (Figure: a 4-stage pipeline, Stage 1: Fetch, Stage 2: Decode, Stage 3: Execute, Stage 4: Write-back, with waiting instructions entering and completed instructions leaving over clock cycles 0..9)

  (Figure: PIC instruction flow. Fetch 1 | Exec 1 (D|R|P|W); Fetch 2 | Exec 2 (D|R|P|W); Fetch 3 | Exec 3 (D|R|P|W); Fetch 4 | Exec 4 (D|R|P|W): the fetch of the next instruction overlaps the execution of the current one)

  D = Decode the instruction
  R = Read the operand
  P = Process (e.g. ADDLW)
  W = Write the result to the destination register
• Pipeline is not our friend because ...

How to overcome pipeline issues for our goals? (Experiment #4)
• The main idea is to use the principle of a pre-calculated hash table

• The idea is to memorize a signature of the electricity consumption for each pair of consecutive instructions, in an exhaustive way. The idea is to create a sort of dictionary.

• We can now compare the current consumption of any (uncontrolled) executed code with the dictionary

Generation of the dictionary:
  PC2 -> Programmer -> Embedded System: send code with the Hamming code
  Embedded System -> Oscilloscope (Measure): current consumption
  Oscilloscope -> PC2: save a dictionary
• One button in our GUI :-)

  (Curent 2 Code tabs: Main | Differential Analysis | Find instructions | Dictionary)

    CONFIG OSC = INTIO7
    CONFIG FCMEN = OFF
    CONFIG IESO = OFF

    LIST p=18F4620
    #include <p18F4620.inc>

    movlw 0x00
    movwf TRISA        ; port A pins as outputs
suite
    movlw 0xFF
    movwf LATA         ; synchronization signal high
    <instruction1>     ; the pair of consecutive instructions whose signature is recorded
    <instruction2>
    nop
    nop
    movlw 0x00
    movwf LATA         ; synchronization signal low
    goto suite
    END
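The Hamming weight groups of Experiment #2 and the dictionary of instruction-pair signatures of Experiment #4, worked through as an added Python example (this is not the Curent 2 Code tool's code; the leakage model, the pipeline bleed factor, the tolerance and the simulated traces are assumptions made for the example):

```python
"""Toy 'dictionary' matcher for instruction pairs (added example).

Assumed leakage model: the current peak of each clock cycle is proportional to the
Hamming weight of the opcode byte being processed, and because of the pipeline a share
of the NEXT instruction's weight bleeds into the current cycle. Traces are simulated.
"""
import random

# Upper opcode bytes of the PIC18 instructions listed in the slides' table.
OPCODES = {"NOP": 0x00, "MULWF": 0x02, "SUBLW": 0x08, "NEGF": 0x6C,
           "MOVWF": 0x6E, "MOVLW": 0x0E, "SETF": 0x68}
PIPELINE_BLEED = 0.4  # assumed share of the next instruction's weight seen in this cycle


def hamming_weight(byte):
    return bin(byte & 0xFF).count("1")


def hamming_groups():
    """Size of each Hamming group for an 8-bit value: how many data bytes share a
    given weight and are therefore indistinguishable by amplitude alone."""
    return [sum(1 for v in range(256) if hamming_weight(v) == w) for w in range(9)]


def simulate_trace(seq, rng=None, noise=0.05):
    """Per-cycle current peaks for a list of mnemonics (constructed leakage model)."""
    weights = [hamming_weight(OPCODES[m]) for m in seq] + [0]  # pipeline drains at the end
    trace = []
    for i in range(len(seq)):
        amp = weights[i] + PIPELINE_BLEED * weights[i + 1]
        if rng is not None:
            amp += rng.gauss(0.0, noise)  # measurement parasites
        trace.append(amp)
    return trace


def differential(trace, reference):
    """Differential analysis as on the slides: subtract the all-NOP reference trace."""
    return [a - r for a, r in zip(trace, reference)]


def build_dictionary():
    """Exhaustive noise-free signature for every pair of consecutive instructions."""
    reference = simulate_trace(["NOP", "NOP"])
    return {(a, b): differential(simulate_trace([a, b]), reference)
            for a in OPCODES for b in OPCODES}


def lookup(diff_trace, dictionary, tol=0.3):
    """Every pair whose signature is within tol of the trace (max absolute error).
    More than one hit is a Hamming weight collision: the limit the slides describe."""
    return sorted(pair for pair, sig in dictionary.items()
                  if max(abs(x - y) for x, y in zip(diff_trace, sig)) <= tol)


def recover(seq, seed=7):
    """Simulate a noisy capture of seq, run the differential analysis, query the dictionary."""
    rng = random.Random(seed)
    reference = simulate_trace(["NOP", "NOP"])
    return lookup(differential(simulate_trace(seq, rng), reference), build_dictionary())
```

`recover(["MOVLW", "NEGF"])` returns both `("MOVLW", "NEGF")` and `("SETF", "NEGF")`, because MOVLW and SETF fall in the same Hamming group, while `recover(["MOVWF", "NOP"])` is unambiguous.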
Could we create a (sort of) 'disassembler' over electricity? (Experiment #5)

suite
    movlw 0xFF
    movwf LATA         ; synchronization signal high
    movlw 0x57         ; the unknown instruction & data to recover
    nop
    nop
    nop
    movlw 0x00
    movwf LATA         ; synchronization signal low
    goto suite
    END

Trying to find an instruction

• On PC2, we use the software to find the instruction & data
  (screenshots of the Find instructions tab; not reproduced in this copy)

• Perfect, the instruction was found!
Results & Limits

• Extracting part of the code from the current consumption seems to be a validated approach :-)

• But limits exist!

  • Limited by Hamming groups / collision of instructions

  • Some issues regarding several specific sets of instructions:
    • branch and jump instructions, I/O manipulation instructions,
    • instructions of more than 1 cycle.

  • The influence on current consumption of the latter would be different for sure (further investigation needs to be scheduled!)

  • The dictionary implies that our method could only be adapted to reverse the code of embedded systems based on well-known boards or ready-to-use systems (FPGA-based boards, development boards, pre-designed embedded system boards...).
Prospective

• We based our approach on current amplitude measurement

• Maybe we could add a temporal dimension to our measurement to extract more information from the current consumption
  - Spot when the transistors commute
  - to be able to distinguish which bits are set to 1 (to be tested soon!)

• We may also measure the electromagnetic waves created by the µC when code is executed
How to limit the risk

• Create a complementary current consumption (via software or hardware) to hide the true power consumption

• The µC manufacturers must be careful when designing the microcontroller instruction encoding table
Conclusion

• #1: Does the code really impact the power consumption? -> YES

• #2: Could different instructions & data be retrieved via power analysis? -> YES

• #3: Could we create a (sort of) 'disassembler' over electricity? -> YES, but with limits...

• A hardware IDA plugin...Blackhat USA 2013? :-)
  (#teasing)
  - Don't hesitate to donate... ;-p

Conclusion

• Cheap approach
  - 4500$ -> oscilloscope
  - 10$ -> programmer / debugger
  - 2$ -> embedded system
  - 1$ -> resistor

• Our code is open source... Download it! Use it! Improve it (and send us an update ;-p)
To contact us:

  - research@opale-security.com